Playing the Blame Game

Slack Alice, Slogger, Infosecurity Magazine

Trolled on social media—it’s happened to all of us. The nameless, faceless, pseudo-anonymity offered by Twitter in particular is a perfect vector for bad-spirited pranks and bullying. Most of us have received phishing mails too—and maybe some of us have fallen for them. At the same time, you have hackers. And hackers gonna hack.

It’s a lot for business owners to cope with—so what do you do? Educate employees on recognizing threats and fraudulent mails? Hire a social media strategist? Beef up one’s multi-layered security defenses?

No, no and no. The real answer is simple and straightforward: find someone to blame. Anyone but yourself.

Gary Spence, owner of a digital marketing company called HSC Media, offers a blueprint in this area: He’s found a good target in Action Fraud, the UK’s national reporting center for fraud and internet crime.

He explained the situation to his local newspaper, the Stoke Sentinel: “We started to have trolling on our company's Twitter account. Then we had mysterious emails requesting work for potential clients which weren't grammatically correct, unlike any normal request. People were trying to access our website from the back end, not the public way, and we noticed it was happening from the same IP address. We tracked it, and knew who they were, and gathered 18 pages of information, and took it to the police."

Spence reported the situation to Action Fraud, but never heard back—and he called his dealings with Staffordshire Police “an uphill battle.” Most of all, he’s not saying what he and his business could do to protect the crown jewels. He’s just angry that the perpetrators weren’t thrown in the slam.

“But eventually the perpetrators were given a caution each—and the two individuals were based in Cannock, and they were using work computers,” he told the paper, in what I imagine as a nasally whine. “They said it was a bit of fun that got out of control. They were going out to give us bad publicity, and they didn't even know us."

He added, “Action Fraud is just there for lip services and collating data—they don't do anything."

Welcome to the real world, Mr. Spence. Do for oneself—a bit of a hallmark for successful companies when it comes to security posture.

Local Police and Crime Commissioner Matthew Ellis, perhaps in an act of deflection, piled on, telling the paper: “Action Fraud…is clearly overwhelmed and the understandable need to prioritize caseload leaves too many victims without any meaningful service."

Invoking a bit of Brexit zeitgeist, he added, “perpetrators of these crimes are cowardly and faceless and often are not even on this continent. They are parasites that wreck the lives of decent, law abiding people, often leaving them financially and emotionally broken with a feeling that law doesn't care and there's ultimately no justice.”

That’s some pretty heady stuff. I thought that things like being abandoned as a child were more likely to break a person, not clicking on a phishing link thanks to one’s own lack of online safety education, but hey, to each their own emotional torment.

Action Fraud’s response was diplomatic: “We must all work to find innovative ways to tackle the issue. Prevention is integral to reducing the level of crimes and we welcome Staffordshire's PCC efforts in this area.”

In stark contrast to this snowflake ‘tude, we have 22-year-old Michael Hicks, who shows that school really does rule—at least when it comes to staving off a cyber-attack.

Thanks to the information he learned on a free online course run by Newcastle University’s School of Computing Science in the UK, he avoided becoming a victim of unscrupulous cyber-criminals who contacted him via auction site, eBay.

“I had a phone which I decided to sell via eBay,” he said. “I was going to sell it for around £350 but then I was contacted by someone directly who said they would give me £500 if I took it off the auction and they would buy it straight away. It seemed too good an opportunity to miss and they then sent me what looked like an email from PayPal so they could transfer the money into my account.”

But online safety awareness came to the rescue!

“I remembered what I’d been taught on the course and I realized that this was a phishing email and that it would have given them access to my bank account,” he said. “It was very clever and it really looked like the real thing but thanks to the course it really made me more aware of what to look out for and I believe saved my bank account being accessed.”

What can we say? It’s simple, really—stop blaming overloaded governmental resources for your own lack of security preparedness and carpe diem. Bottom line: Be like Mike.